• src/sbbs3/ftpsrvr.c

    From rswindell to CVS commit on Fri Apr 17 11:44:32 2020
    src/sbbs3 ftpsrvr.c 1.497 1.498
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv1115

    Modified Files:
    ftpsrvr.c
    Log Message:
    Increase the size of the buffer used to format the download notification short messages (telegrams) from 128 to 256 bytes to resolve observed truncation of download notification messages like this:
    "Guns N Roses - Hotel Brawl Jam (Live).mp3 was FTP-downloaded by Guest [89.245.6.
    199]
    You were awarded 2,057,356 cred"

  • From rswindell to CVS commit on Wed May 27 01:23:39 2020
    src/sbbs3 ftpsrvr.c 1.498 1.499
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv30088

    Modified Files:
    ftpsrvr.c
    Log Message:
    Log the user name or IP address in more places.

  • From rswindell to CVS commit on Sat Aug 15 12:15:39 2020
    src/sbbs3 ftpsrvr.c 1.500 1.501
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv23645

    Modified Files:
    ftpsrvr.c
    Log Message:
    More file existence/length checks, with only a WARNING log level (not error) since some QWKnet nodes apparently like to start concurrent QWK packet downloads and inevitably one finishes first, deleting the file, and the second transfer logs and error. Examples:
    8/14 08:10:06p 2296 <EPHRAM> downloading QWK packet (1320 bytes) in passive mode
    8/14 08:10:06p 3792 <EPHRAM> downloading QWK packet (1320 bytes) in passive mode
    8/14 08:10:06p 2296 <EPHRAM> DATA Transfer successful: 1320 bytes sent in 0 seconds (2640 cps)
    8/14 08:10:06p 3792 <EPHRAM> !DATA ERROR 2 (No such file or directory) line 1376 opening s:\sbbs\data\file/0888.qwk
    8/14 11:28:55p 2576 <POTOGOLD> downloading QWK packet (27129 bytes) in passive mode
    8/14 11:28:55p 2576 <POTOGOLD> DATA Transfer successful: 27129 bytes sent in 0 seconds (54258 cps)
    8/14 11:28:55p 1924 <POTOGOLD> downloading QWK packet (4294967295 bytes) in passive mode
    8/14 11:28:56p 1924 <POTOGOLD> !DATA ERROR 2 (No such file or directory) line 1376 opening s:\sbbs\data\file/0168.qwk

    Also some more 64-bit file length support (flength returns an off_t now, not a ulong).
    And ftell() returns a long (not a ulong).


  • From Rob Swindell to Git commit to sbbs/master on Sat Oct 24 22:06:02 2020
    https://gitlab.synchro.net/sbbs/sbbs/-/commit/10477fe29378aebb82b8efd2
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Create the pack*.now with fmutex() to prevent simultaneous QWK packs

    Probably only a problem on Vertrauen, but some QWKnet nodes, for some unknown reason, like to FTP-connect multiple times concurrently and request to download a QWK packet. This creates a race condition where the QWK packet gets created/downloaded/deleted before the second FTP connection can successfully download the same file, thus logging an error "opening file " on the server (VERT). So if the pack*.now file already exists, reject the download request. "What are doing?" is what I really want to ask these nodes, but better just throw them an error response and quietly move on.
  • From Rob Swindell to Git commit to main/sbbs/master on Tue Dec 29 23:51:44 2020
    https://gitlab.synchro.net/main/sbbs/-/commit/31d07482c7dc81b1af72e495
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Remove 3 second delay before disconnecting when max clients reached

    This seems to be misguided and would only increase the chances of a DoS-type attack on TCP session resources.

    A second 3-second delay upon malloc failure is also removed.
  • From Rob Swindell to Git commit to main/sbbs/master on Thu Dec 31 02:23:34 2020
    https://gitlab.synchro.net/main/sbbs/-/commit/dcb003099daa5b03e53542d4
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Log messages indicating AUTH TLS success or failure and set client prot

    Set the client protocol to "FTPS" upon successful TLS startup in the control connection (response to the AUTH TLS command from the client). Log some messages indicating FTPS was attempted or successful.
  • From Rob Swindell to Git commit to main/sbbs/master on Sat Jan 9 13:44:06 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/3ead8a4d227af07c81c2c8e5
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Don't delete pack####.now upon FTP-logoff

    When a user logins to the FTP server concurrently, this creates a
    race condition with an/the other FTP session that may be creating/
    downloading a QWK packet. On Vertrauen, this results in the
    occasional error removing the file since it was removed unexpectedly:
    !ERROR 2 (No such file or directory) in main.cpp line 2747 (event_thread) removing "/sbbs/data/pack1111.now" access=0
  • From Deuc╨╡ to Git commit to main/sbbs/master on Fri Feb 19 09:32:09 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/59b8829a0915a454233ea17d
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Fix CIDs 174500 and 174471
  • From Rob Swindell to Git commit to main/sbbs/master on Mon Mar 8 11:41:21 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/b62505add30804e8c6a6fb79
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Remove extraneous (void) typedefs

    See if this resolves rjwboys reported error:
    threadwrap.h:204:42: error: expected expression before ‘do’
    #define protected_uint32_init(pval, val) atomic_init(pval, val)
  • From Rob Swindell to Git commit to main/sbbs/master on Mon Jun 7 20:14:25 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/6fee19566f510a9c5cda36a4
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Detect TLS startup errors correct/fully

    We can't (apparently) only rely on the return value of start_tls(), we have to check the value of the crypt session too.
    This fix the possibility of this happening:
    Jun 7 18:07:26 sbbs synchronet: ftp 0058 TLS ERROR 'No permiss.to perform this operation' (-21) opening keyset
    Jun 7 18:07:26 sbbs synchronet: ftp 0058 <192.168.1.25> initialized TLS successfully

    Instead, we'll detect the failure and disable FTPS support, logging "failed to initialize TLS successfully".
  • From Rob Swindell to Git commit to main/sbbs/master on Sat Sep 18 17:02:24 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/bb1ee45982174c3a0a73ce1e
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Fix segfault reported with ftpalias.cfg support in some cases

    ftpalias() can return true even when the directory is not set to a valid directory index (i.e. set to -1), so using as an array index would definitely segfault. Part of commit 8ad30b6c by Deuce 3 years ago.

    I didn't test this as I'm not sure exactly the combination of ftpalias.cfg content and FTP command received that would trigger this, but it's most definitely a bug.

    So should fix the segfault reported in issue #288.
  • From Rob Swindell to Git commit to main/sbbs/master on Sat Sep 18 22:22:14 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/15906e19c9b0b832027ce673
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Handle FTP requests for paths that start with "/./"

    Midnight Commander (mc) apparently sends requests like this for files
    (e.g. aliases) in the virtual root directory.

    Fixes another part of the reported issue #288.
  • From Rob Swindell to Git commit to main/sbbs/master on Sun Dec 5 18:42:38 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/17a67ee9d95051145677ec52
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Fix FTPS upload failure: !DATA ERROR 0 receiving on data socket

    Don't treat CRYPT_ERROR_COMPLETE (-24) as a socket error during upload since it's an indication that the remote closed the connection and is the normal "end of file/transfer" indicator, not an error. 'rd' is already 0 in this case, so no need to set at all (since recv() returns 0 upon disconnect and that's what we're emulating here).

    Fixes issue #309 reported by Jas Hud.
  • From MRO@BBSESINF to Rob Swindell on Mon Dec 6 13:35:33 2021
    Re: src/sbbs3/ftpsrvr.c
    By: Rob Swindell to Git commit to main/sbbs/master on Sun Dec 05 2021 06:42 pm

    https://gitlab.synchro.net/main/sbbs/-/commit/17a67ee9d95051145677ec52 Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Fix FTPS upload failure: !DATA ERROR 0 receiving on data socket

    Don't treat CRYPT_ERROR_COMPLETE (-24) as a socket error during upload since it's an indication that the remote closed the connection and is the normal "end of file/transfer" indicator, not an error. 'rd' is already 0 in this case, so no need to set at all (since recv() returns 0 upon disconnect and that's what we're emulating here).

    Fixes issue #309 reported by Jas Hud.

    i cant upload files using any protocol on your bbs and cvs.synchro.net
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Digital Man to MRO on Mon Dec 6 13:20:33 2021
    Re: src/sbbs3/ftpsrvr.c
    By: MRO to Rob Swindell on Mon Dec 06 2021 01:35 pm

    Fixes issue #309 reported by Jas Hud.

    i cant upload files using any protocol on your bbs and cvs.synchro.net

    Working for me (now). I replied to your emails about this already. I appreciate your continued testing.

    Don't try to use SyncTERM v1.2b for uploads (they don't work).
    --
    digital man (rob)

    Synchronet/BBS Terminology Definition #14:
    CGA = Color Graphics Adapter (IBM)
    Norco, CA WX: 72.0°F, 35.0% humidity, 8 mph NNW wind, 0.00 inches rain/24hrs
  • From MRO@BBSESINF to Digital Man on Tue Dec 7 14:58:09 2021
    Re: src/sbbs3/ftpsrvr.c
    By: Digital Man to MRO on Mon Dec 06 2021 01:20 pm

    Re: src/sbbs3/ftpsrvr.c
    By: MRO to Rob Swindell on Mon Dec 06 2021 01:35 pm

    Fixes issue #309 reported by Jas Hud.

    i cant upload files using any protocol on your bbs and cvs.synchro.net

    Working for me (now). I replied to your emails about this already. I appreciate your continued testing.

    Don't try to use SyncTERM v1.2b for uploads (they don't work).

    yeah i tried to delete this msg but it already sent.
    i'm using 1.1b win32 of syncterm
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Digital Man to MRO on Tue Dec 7 19:45:13 2021
    Re: src/sbbs3/ftpsrvr.c
    By: MRO to Digital Man on Tue Dec 07 2021 02:58 pm

    Re: src/sbbs3/ftpsrvr.c
    By: Digital Man to MRO on Mon Dec 06 2021 01:20 pm

    Re: src/sbbs3/ftpsrvr.c
    By: MRO to Rob Swindell on Mon Dec 06 2021 01:35 pm

    Fixes issue #309 reported by Jas Hud.

    i cant upload files using any protocol on your bbs and cvs.synchro.net

    Working for me (now). I replied to your emails about this already. I appreciate your continued testing.

    Don't try to use SyncTERM v1.2b for uploads (they don't work).

    yeah i tried to delete this msg but it already sent.
    i'm using 1.1b win32 of syncterm

    1.1 was released over a year ago. That's the supported/known-working version. 1.1b (for SyncTERM) means "beta" or pre-1.1.
    --
    digital man (rob)

    This Is Spinal Tap quote #39:
    Female Airport Security Officer: Do you have any artificial plates or limbs? Norco, CA WX: 54.1°F, 85.0% humidity, 0 mph SSW wind, 0.00 inches rain/24hrs
  • From MRO@BBSESINF to Digital Man on Wed Dec 8 05:14:29 2021
    Re: src/sbbs3/ftpsrvr.c
    By: Digital Man to MRO on Tue Dec 07 2021 07:45 pm

    yeah i tried to delete this msg but it already sent.
    i'm using 1.1b win32 of syncterm

    1.1 was released over a year ago. That's the supported/known-working version. 1.1b (for SyncTERM) means "beta" or pre-1.1.

    yeah, it works for what i use it for so i'm not going to upgrade.
    it's not bombing out on me during connections.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Rob Swindell to Git commit to main/sbbs/master on Mon Jan 10 22:27:52 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/7ccc618a991a97d22336fcc0
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Log unallowed/illegal filenames in quotes

    Prefixed or trailing white-space characters would be hard to discern without this.
  • From Rob Swindell to Git commit to main/sbbs/master on Mon Jan 31 11:58:42 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/658773d65b44452a84a696fb
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Log the full path for rejected uploads based on directory

    The logged error "!attempted to upload to invalid directory" did log the actual path that was attempted to be uploaded.

    Added some quotes around other logged paths.
  • From Rob Swindell to Git commit to main/sbbs/master on Mon Jan 31 12:20:26 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/52b2e20a5dd8330adb315d73
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Change "attempted to upload to invalid directory" msg

    Make it more accurate/clear:
    "attempted to upload invalid path/filename"
  • From Rob Swindell to Git commit to main/sbbs/master on Mon Jan 30 16:00:04 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/5fdf8f0fddbcc5016c033af8
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Don't MQTT-publish the download of temp files
  • From Rob Swindell (on Windows) to Git commit to main/sbbs/master on Thu Feb 2 17:51:37 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/8e94a448a7346a36d4a85dbe
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Fix uploader-notification, credit awards, download-counters in FTP downloads

    Since v3.19 (the new filebases), when a user FTP-downloaded a file, we failed to properly find/load that file's record from the filebase (searching for the file's full path, rather than just the filename), so the code the increments the file's download counter, notifies the uploader, awards credits, etc. did not ever execute. This means that FTP-downloads for all files downloaded via FTP were effectively "free" (and nobody noticed). No error was logged either.

    I discovered this while debugging the case of "(null)" filenames in the action/download MQTT topic messages being published by the FTP server. So
    that issue is fixed as part of this commit as well.

    Oh, and if this code had executed before, it would have memory-leaked the
    file information, so that's fixed too (added call to smb_freefilemem). Ugh.
  • From Rob Swindell (on Windows) to Git commit to main/sbbs/master on Thu Feb 9 12:43:11 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/3709ae9d438cc0932f70c46f
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Free/zero out the file_t struct *after* sending the MQTT action msg

    ... not before. This explains why FTP-uploaded actions had a (null) filename.
  • From Rob Swindell (on ChromeOS) to Git commit to main/sbbs/master on Sat Mar 18 19:40:18 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/448e18156d14b0b8a2bb535a
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Add free disk space check against minimum space configured

    Disallow uploads when free disk space falls below minimum configured
    minimum free disk space.

    This fixes issue #535
  • From Rob Swindell (on ChromeOS) to Git commit to main/sbbs/master on Sat Mar 18 19:40:18 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/36fea1c5acf774be516d1df6
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Limit uploaded file sizes, accounting for free disk space

    The lower of the configured maximum file size (for the FTP server) and
    the available disk space minus the configured minimum free disk space
    is used as the maximum file size to allow upload. Appended files
    are accounted for too.
  • From Rob Swindell (in GitKraken) to Git commit to main/sbbs/master on Fri Mar 24 12:01:53 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/2e93426824b48954395c0b1f
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Fix some signed/unsigned comparison warnings from MSVC
  • From Rob Swindell (on Windows) to Git commit to main/sbbs/master on Thu Apr 13 18:45:54 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/3e2c3176de6108c697d25a69
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Fix false "SUSPECTED BOUNCE ATTACK ATTEMPT" for IPv6 FTP-data connections

    This bug only impacted non-passive FTP connections. Using an FTP client
    with active (not passive) data connections over an IPv6 connection would false-trigger the "bounce attack" detection and the FTP server responded with "504 Bad port number" and logged a hack attempt in data/hack.log.

    The issue was that we were comparing the socket address structure (which contains other fields besides the address itself) between the control and proposed-data connections. While this logic worked okay for IPv4,
    it did not for IPv6 (the 2 structs contained some non-address differences). Rather than modify the socket address structures to match where needed, I'm just comparing the string representation of the addresses, since that's
    what we really care about anyway.

    Thank to "mark i" of Truck Stop BBS for alerting me to this issue
  • From Rob Swindell (on Windows 11) to Git commit to main/sbbs/master on Sun Nov 12 16:47:50 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/5d903235ca2629f59dc78999
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Log errno description upon QWK pack mutex file creation failure
  • From Rob Swindell (on Windows 11) to Git commit to main/sbbs/master on Tue Jan 9 17:20:47 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/339599be4e8c05ed8e3fabe9
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Fix MSLT and MSLD response for QWK packet filename in root directory

    Reusing the variable 'str' here for multiple purposes meant the QWK packet filename was overwritten by the owner name (the system's BBS-ID):

    mlsd
    229 Entering Extended Passive Mode (|||2001|)
    150 Opening ASCII mode data connection for MLSD.
    Type=file;Perm=r;UNIX.ownername=VERT; 00index
    Type=cdir;Perm=elc;UNIX.ownername=VERT; /
    Type=file;Perm=r;UNIX.ownername=VERT; VERT

    That last file there should have been "VERT.qwk"
  • From Rob Swindell (on Windows 11) to Git commit to main/sbbs/master on Tue Jan 9 17:20:47 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/3a25ed550b4f5d6563da0d8a
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Use safe string copying in get_owner_name() via strlcpy()
  • From Rob Swindell (on Windows 11) to Git commit to main/sbbs/master on Tue Jan 9 17:20:47 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/bb4ccdaad2c07262560ddab9
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Restore ftpalias.cfg support for MLSx commands

    Support was accidentally removed as part of commit 0d01544d, meaning
    the ftpalias.cfg wasn't used at all in responses to the MLSx commands as reported by Max (WESTLINE) using Total Commander, FileZilla and Directory
    opus. The traditional "LIST" commands still worked fine with ftpalias.cfg contents just fine.

    The reason this code was accidentally removed was due to the errant
    copy/pasted comparison with startup->html_index_file that did not belong here and made the block appear related to HTML index file generation. It was not. This was just a bug in the initial implementation of MLSx support in
    commit d4deb4b3.

    Also included in this commit:
    - Return the date/size of the user's QWK packet file, if it exists, in MLSx
    response.
    - send_mlsx_entry() won't report negative time_t values as file modify dates
    (flength returns -1 upon failure/file-not-found).
    - get_owner_name() returns the string, making it easier to use in function
    calls.

    There appears to still be some work to do to make the MLSx commands fully compliant with RFC 3659 (e.g. "mlst filename" from ftpalias.cfg should work
    but does not), but at least FileZilla displays ftpalias.cfg files and directories correctly now.
  • From Deuc╨╡ to Git commit to main/sbbs/master on Wed Feb 7 13:41:41 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/e1b0164230ba4987cae0c3df
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Mostly time_t printfs, but also an odd bit where it's printing a
    value that's not an off_t as one.
  • From Rob Swindell (on Windows 11) to Git commit to main/sbbs/master on Wed Mar 20 20:31:50 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/0ca7156dc5215b928bf5a689
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    Reduce log severity of QWK-packet removal error log message to WARNING

    This allows each call to ftp_remote() to specify the log level for any remove failure. All others file-removal failures will continue to log at ERROR level.

    I get this particular (harmless) error a lot, so just reducing to warning:
    ftp ... !ERROR 13 (Permission denied) (line 860) removing file: path/to/*.qwk
  • From Rob Swindell (on Windows 11) to Git commit to main/sbbs/master on Thu Mar 21 21:56:39 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/05420809878c8fd7f272fa87
    Modified Files:
    src/sbbs3/ftpsrvr.c
    Log Message:
    ftp_remove() returns a bool (not an int) now, so do the right thing